I am starting a project to test anti-spyware software. I was wondering if anyone else has tested software in this area and has any suggestions on where to start. I am also looking for any reading material I can get my hands on to learn more about anti-spyware.
The approach suggested by Prasanna has the advantage of testing your application's spyware prevention ability, but it would be difficult to ensure that both machines (real or virtual) faced the same threats. You would have to visit the same sites at the same times and perform the same actions. Even then, there is some amount of randomness involved where one machine could get infected while the other isn't. In order to test clean up ability, I would first surf the casino and porn sites on machine1, then clone machine1 to machine2. This ensures that both machines have exactly the same spy programs. Install your software on one and a commercial vendor's on the other. Update both versions (I assume your software has dynamic update or it's worthless). Perform scan - cleanup activities with each. Compare the logs to see what spyware was found from each. Also perform post cleanup performance checks on each machine. Reboot each machine and re-scan each machine to rank each application's permanent clean up ability. One final suggestion - I highly recommend performing this testing isolated from your company's network!
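The log comparison and post-reboot re-scan described in the post above, as an added example that is not part of the original thread. The log line format, phase labels, detection names and paths are all constructed assumptions; detections are matched by location rather than by name, because two vendors rarely name the same item alike while cloned machines share the same paths.

```python
import re

# Assumed (hypothetical) log line format: "<phase> FOUND <name> <location>"
# phase is "initial" (first scan) or "rescan" (after cleanup and reboot).
LINE = re.compile(r"^(initial|rescan)\s+FOUND\s+(\S+)\s+(.+)$")

def parse_log(text):
    """Return {phase: {normalised location: vendor's name}} for one scanner."""
    found = {"initial": {}, "rescan": {}}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # banners, blank lines and other non-detection lines are skipped
            phase, name, location = m.groups()
            found[phase][location.strip().lower()] = name
    return found

def compare(log_a, log_b):
    """Compare two scanners run on cloned machines, keyed by location."""
    a, b = parse_log(log_a), parse_log(log_b)
    ia, ib = set(a["initial"]), set(b["initial"])
    return {
        "both": ia & ib,                      # found by both products
        "only_a": ia - ib,                    # missed by B
        "only_b": ib - ia,                    # missed by A
        "survived_a": ia & set(a["rescan"]),  # back after A's cleanup + reboot
        "survived_b": ib & set(b["rescan"]),
    }

def cleanup_rate(log_text):
    """Fraction of initially detected items absent from the re-scan."""
    parsed = parse_log(log_text)
    initial = set(parsed["initial"])
    if not initial:
        return None  # nothing detected, so there is no rate to report
    return 1 - len(initial & set(parsed["rescan"])) / len(initial)

# Constructed sample logs (not output from any real product).
LOG_A = r"""
Scanner A (constructed sample)
initial FOUND Adware.SampleA C:\Program Files\SampleBar\bar.dll
initial FOUND Tracker.SampleB HKCU\Software\SampleTrack
initial FOUND Dialer.SampleC C:\Windows\Temp\dial.exe
rescan FOUND Adware.SampleA C:\Program Files\SampleBar\bar.dll
"""
LOG_B = r"""
initial FOUND Toolbar/Sample C:\PROGRAM FILES\SampleBar\bar.dll
initial FOUND Spy/SampleD C:\Windows\System32\sampled.dll
initial FOUND Dial/Sample c:\windows\temp\dial.exe
"""

if __name__ == "__main__":
    for key, items in compare(LOG_A, LOG_B).items():
        print(key, sorted(items))
```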
In order to test clean up ability, I would first surf the casino and porn sites on machine1, then clone machine1 to machine2.
I agree, bpolitzer; the approach you have suggested is better.
In addition to this, I would recommend the use of Internet Explorer, as most spyware targets IE.